Enhancing Security of Linux-based Android Devices (PowerPoint presentation)



  1. Enhancing Security of Linux-based Android Devices
     Aubrey-Derrick Schmidt, Hans-Gunther Schmidt, Jan Clausen, Kamer Ali Yüksel, Osman Kiraz, Ahmet Camtepe, and Sahin Albayrak
     This work was funded by Deutsche Telekom Laboratories

  2. www.DAI-Labor.de
     - Research institute with ~100 employees
     - Six core departments:
       - Agent Core Technologies
       - Next Generation Services
       - Information Retrieval
       - Cognitive Architectures
       - Education
       - Security
     07.11.2007 CC SEC Slide 2

  3. DAI-Labor Security Department
     - Works on:
       - Smartphone Security
       - Agent Security
       - Network Security Simulation
       - Critical Infrastructures
       - PKI / Cryptography
       - Next Generation Homes - Security

  4. TOC
     - Motivation
     - Android Security
     - Adding Linux Security Tools to Android
     - Enhancing Security with self-built IDS

  5. Motivation
     - Smartphones are getting increasingly popular
     - Various smartphone malware has appeared
     - Signature-based approaches are only effective for "known" malware
     - Anti-virus engines need an average of 48 days to become capable of detecting new malware [Oberheide08]
     - More than 700,000 devices can be infected via MMS in about three hours [Bulygin07]

  6. Motivation
     - Android is already very popular (Java on Linux)
     - Android sources will be released as open source
     - Opportunity to develop low-level security tools for commonly used smartphones for the first time
     - Linux security research is mature
       - A lot of lessons learned
       - A lot of open-source tools available

  7. TOC
     - Motivation
     - Android Security
     - Adding Linux Security Tools to Android
     - Enhancing Security with self-built IDS

  8. Android Security
     - Images on the emulator
       - System image (YAFFS2, 65 MB / 21 MB free)
         - Mounted at /system
         - OS files, libraries, drivers, system binaries
         - Android config files
         - Android framework
         - Android base applications (e.g. Browser)
         - +R(W)X

  9. Android Security
     - Images on the emulator
       - Userdata image (YAFFS2, 65 MB / 40 MB free)
         - Mounted at /data
         - Used for applications, user data, DRM, ...
         - +RWX
       - Cache image (YAFFS2, usage not specified yet)
       - SD card image (no "obvious" size limitations)
         - Mounted at /sdcard
         - Files are created as user and group "system"
         - +RW

  10. Android Security
     - Applications are "location-aware"
       - They can only be executed from /data or /system
       - Any changes to file permissions succeed there
       - Changes elsewhere, e.g. in /sdcard, do not succeed (e.g. setting the execute bit)
       - Most probably, (Linux) applications cannot be started from the SD card

  11. Android Security
     - (Java) application signing is required
       - Linux state not clear
       - At the moment the developer signs his application with his own certificate
       - The system might change to something similar to Symbian OS
         - Central authority for assigning certificates
         - Limited access to APIs
       - Google and T-Mobile have each announced an application store (might include application testing and verification)

  12. Android Security
     - File rights:
       - /data/data/<package.application_name> is "application land":
         drwxr-xr-x app_14 app_14 2008-09-17 14:26 com.android.sample
       - An application can access the directories of other applications signed with an identical certificate: "certification land"
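The per-application ownership shown on the slide (each package directory under /data/data owned by its own app_<n> user and group, mode drwxr-xr-x) is something a defender can audit from a directory listing. The following is an added example, not code from the slides or from the Android project; it assumes the `ls -l` line format shown on the slide (mode, owner, group, date, time, name, with no link-count or size column) and that per-app users are named app_<n>. The listing it runs on is constructed: one line is the slide's own entry, the other two are made-up deviations.

```python
"""Audit /data/data entries from an `ls -l`-style listing (added example).

Assumptions: lines look like "drwxr-xr-x app_14 app_14 2008-09-17 14:26 com.android.sample"
and per-application users are named app_<n>, as on the slide."""
import re

LS_LINE = re.compile(
    r"^(?P<mode>[-d][rwxstST-]{9})\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+(?P<name>\S+)$"
)

# Constructed sample: first line copied from the slide, the other two are made up.
SAMPLE_LISTING = """\
drwxr-xr-x app_14 app_14 2008-09-17 14:26 com.android.sample
drwxrwxrwx app_15 app_15 2008-09-17 14:30 com.example.worldwritable
drwxr-xr-x root   root   2008-09-17 14:31 com.example.runsasroot
"""


def parse_listing(text):
    """Yield one dict per parsable line; lines in another format are skipped."""
    for line in text.splitlines():
        m = LS_LINE.match(line.strip())
        if m:
            yield m.groupdict()


def audit_entry(entry):
    """Return the findings for one entry; an empty list means it matches the
    expected state from the slide (directory, own app_<n> user and group,
    no group or world write access)."""
    findings = []
    mode = entry["mode"]
    if mode[0] != "d":
        findings.append("not a directory")
    if mode[5] == "w":
        findings.append("group-writable")
    if mode[8] == "w":
        findings.append("world-writable")
    if not entry["owner"].startswith("app_"):
        findings.append(f"owned by {entry['owner']}, not a per-app app_<n> user")
    if entry["owner"] != entry["group"]:
        findings.append("owner and group differ")
    return findings


def audit_listing(text):
    """Map package directory name -> findings, only for entries that have any."""
    report = {}
    for entry in parse_listing(text):
        findings = audit_entry(entry)
        if findings:
            report[entry["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_listing(SAMPLE_LISTING).items():
        print(f"{name}: {', '.join(findings)}")
```

Run against a real listing, this reports only the packages whose directory deviates from the per-app isolation the slide describes; the slide's own entry produces no finding.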

  13. TOC
     - Motivation
     - Android Security
     - Adding Linux Security Tools to Android
     - Enhancing Security with self-built IDS

  14. Adding Linux Security Tools to Android: General Information
     - The emulator is used as the basis
     - OHA/Google modified a lot of standard libraries and binaries
       - Reason: opportunity for business customers to claim "intellectual property"
     - Application space is limited (~40 MB)
     - Common security tools were tested
       - But: a special build environment is needed

  15. Creating a Build Environment for Android
     - Ubuntu 8.04
     - Two toolkits can be used:
       - Sourcery cross-compile toolchain
       - Scratchbox cross-compilation toolkit
         - Emulated ARM environment
         - "Common" Linux file system layout

  16. Creating a Build Environment for Android: Important Facts
     - Files are located in:
       - System files are placed in /system
       - Binaries in /system/bin
       - Libraries in /system/lib
       - Config files in /system/etc
     - System configuration in OpenBinder
     - Page alignment causes changes in linking
     - The only way to get the available applications to run is to compile them statically

  17. Adding Tools
     - "Top 100 Network Security Tools" [Insec06]
     - Tested from 5 main categories:
       - Anti-Virus: ClamAV
       - Firewall: iptables
       - Rootkit Detectors: chkrootkit
       - Intrusion Detection: Snort
       - Other useful tools: Busybox, Bash, OpenSSH, strace, Nmap

  18. Anti-Virus: ClamAV
     - Android compatibility: works
     - Problems, solutions, and size:
       - Static compilation (linking) required
       - Depends on a statically compiled version of "zlib" (zlib-1.2.3)
       - The total size of all ClamAV-relevant files (approx. 28 MB) exceeds the available space in the system image (21 MB); the ClamAV virus signature database needs to be placed in a different location
       - Size (approx.): 11140 KB libraries and binaries (/opt), 17324 KB database (/data)

  19. Anti-Virus: ClamAV Results

     ----------- SCAN SUMMARY -----------
     Known viruses: 407205
     Engine version: 0.94
     Scanned directories: 0
     Scanned files: 106
     Infected files: 0
     Data scanned: 5.12 MB
     Time: 107.236 sec (1 m 47 s)
     #
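The scan summary above is the kind of output a monitoring component on the device would have to read, and the numbers in it (5.12 MB in 107 seconds on the emulator) are what decide whether on-device scanning is practical. The following is an added example, not code from the slides or from ClamAV: it parses a clamscan SCAN SUMMARY block into typed values and derives throughput and time per file. It assumes the "Key: value" line shape shown on the slide, with "Data scanned" in MB and "Time" in seconds; the summary text embedded below is the slide's own output.

```python
"""Parse a clamscan SCAN SUMMARY block and derive scan metrics (added example).

Assumption: summary lines have the form "Key: value", with "Data scanned" given
in MB and "Time" in seconds, exactly as in the slide's output."""
import re

# The summary reproduced from the slide (the trailing "#" is the shell prompt).
SLIDE_SUMMARY = """\
----------- SCAN SUMMARY -----------
Known viruses: 407205
Engine version: 0.94
Scanned directories: 0
Scanned files: 106
Infected files: 0
Data scanned: 5.12 MB
Time: 107.236 sec (1 m 47 s)
#
"""

KEY_VALUE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")
LEADING_NUMBER = re.compile(r"^\s*([0-9]+(?:\.[0-9]+)?)")


def parse_scan_summary(text):
    """Return {key: value} for the lines after the SCAN SUMMARY banner.
    Values that start with a number become int/float; the engine version
    is kept as a string because it is a label, not a quantity."""
    summary = {}
    in_summary = False
    for line in text.splitlines():
        if "SCAN SUMMARY" in line:
            in_summary = True
            continue
        if not in_summary:
            continue
        m = KEY_VALUE.match(line.strip())
        if not m:
            continue  # prompt, blank line or anything not "Key: value"
        key, value = m.group("key"), m.group("value")
        num = LEADING_NUMBER.match(value)
        if key == "Engine version" or not num:
            summary[key] = value
        else:
            n = num.group(1)
            summary[key] = float(n) if "." in n else int(n)
    return summary


def scan_metrics(summary):
    """Derive throughput (MB/s), seconds per file and a verdict from a summary."""
    files = summary.get("Scanned files", 0)
    seconds = summary.get("Time", 0.0)
    mb = summary.get("Data scanned", 0.0)
    infected = summary.get("Infected files", 0)
    return {
        "infected": infected,
        "mb_per_second": mb / seconds if seconds else 0.0,
        "seconds_per_file": seconds / files if files else 0.0,
        "verdict": "infected" if infected > 0 else "clean",
    }


if __name__ == "__main__":
    s = parse_scan_summary(SLIDE_SUMMARY)
    print(s)
    print(scan_metrics(s))
```

For the slide's run the derived throughput is well under 0.1 MB/s, which is the figure to compare against the size of /system and /data before scheduling full scans on the device.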

  20. Firewall: iptables
     - Problems:
       - The kernel needs to be recompiled from source. Sources can be freely downloaded from the Android Project website. Enable NETFILTER in the kernel configuration and recompile!
       - "iptables" cannot be compiled due to linker issues: it requires statically compiled parts of libc which Android does not provide.

  21. Rootkit Detector: Chkrootkit
     - Android compatibility: works with minor dependencies
     - Problems, solutions, and size:
       - Static compilation (linking) required
       - Requires "netstat" (provided by "busybox")
       - Requires standard directories (/lib, /etc, etc.), provided by symbolic links pointing to the corresponding Android directories
       - Size (approx.): 588 KB

  22. Rootkit Detector: Chkrootkit Results

     # ./chkrootkit
     [: gid: unknown operand
     ROOTDIR is `/'
     Checking `amd'... not found
     Checking `basename'... INFECTED
     Checking `biff'... not found
     Checking `cron'... not infected
     Checking `echo'... INFECTED
     Checking `egrep'... not infected
     Checking `env'... INFECTED
     Checking `find'... not infected
     Searching for common ssh-scanners default files... nothing found
     Searching for suspect PHP files... find: /var/tmp: No such file or directory
     nothing found
     Searching for anomalies in shell history files... nothing found
     chkproc: Warning: Possible LKM Trojan installed
     chkdirs: Warning: Possible LKM Trojan installed
     Checking `sniffer'... ./chkrootkit: ./ifpromisc: not found
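The run above mixes three different kinds of line: real verdicts (INFECTED, the two LKM warnings), checks that were skipped because a binary is absent on Android (not found), and checks that never completed because a helper or a standard directory was missing (the `[: gid: unknown operand` shell error, `find: /var/tmp`, the missing `./ifpromisc`). Anyone wiring chkrootkit into an on-device check needs to keep those apart. The following is an added example, not code from the slides or from chkrootkit; it assumes the line shapes seen in the slide's run and is fed that run verbatim.

```python
"""Triage chkrootkit output into verdicts, skipped checks and failed checks
(added example).

Assumption: lines have the shapes seen on the slide, i.e.
"Checking `name'... result", "Searching for ...... result" and
"helper: Warning: message"."""
import re

# chkrootkit output reproduced from the slide.
SLIDE_OUTPUT = """\
# ./chkrootkit
[: gid: unknown operand
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... INFECTED
Checking `biff'... not found
Checking `cron'... not infected
Checking `echo'... INFECTED
Checking `egrep'... not infected
Checking `env'... INFECTED
Checking `find'... not infected
Searching for common ssh-scanners default files... nothing found
Searching for suspect PHP files... find: /var/tmp: No such file or directory
nothing found
Searching for anomalies in shell history files... nothing found
chkproc: Warning: Possible LKM Trojan installed
chkdirs: Warning: Possible LKM Trojan installed
Checking `sniffer'... ./chkrootkit: ./ifpromisc: not found
"""

CHECK = re.compile(r"^Checking `(?P<name>[^']+)'\.\.\. (?P<result>.+)$")
SEARCH = re.compile(r"^Searching for (?P<what>.+?)\.\.\. (?P<result>.+)$")
WARNING = re.compile(r"^(?P<helper>\w+): Warning: (?P<msg>.+)$")


def triage(output):
    """Bucket each line of chkrootkit output.
    infected:  binaries reported as INFECTED
    warnings:  (helper, message) pairs such as the LKM Trojan warnings
    clean:     checks that ran and found nothing
    not_found: binaries absent on the device (check skipped, not a verdict)
    errors:    checks whose helper failed, so their result is unknown"""
    r = {"infected": [], "warnings": [], "clean": [], "not_found": [], "errors": []}
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("ROOTDIR") or line == "nothing found":
            continue  # prompt, banner, or the stray "nothing found" after a failed find
        m = CHECK.match(line)
        if m:
            name, result = m.group("name"), m.group("result")
            if result == "INFECTED":
                r["infected"].append(name)
            elif result == "not infected":
                r["clean"].append(name)
            elif result == "not found":
                r["not_found"].append(name)
            else:  # e.g. "./chkrootkit: ./ifpromisc: not found": helper binary missing
                r["errors"].append(f"{name}: {result}")
            continue
        m = SEARCH.match(line)
        if m:
            if m.group("result") == "nothing found":
                r["clean"].append(m.group("what"))
            else:  # e.g. "find: /var/tmp: No such file or directory"
                r["errors"].append(f"{m.group('what')}: {m.group('result')}")
            continue
        m = WARNING.match(line)
        if m:
            r["warnings"].append((m.group("helper"), m.group("msg")))
            continue
        r["errors"].append(line)  # e.g. "[: gid: unknown operand" from the script's own test(1) call
    return r


def needs_review(report):
    """True when something was flagged or a check could not complete."""
    return bool(report["infected"] or report["warnings"] or report["errors"])


if __name__ == "__main__":
    for bucket, items in triage(SLIDE_OUTPUT).items():
        print(f"{bucket}: {items}")
```

The errors bucket matters as much as the infected one: on the slide's run, three checks produced no verdict at all because the Android environment lacks what the script expects, so a "clean" result from such a run would be incomplete.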

  23. Intrusion Detection: Snort
     - Problems:
       - Dependencies on libpcap, libdnet, libnet, pcre and iptables (all as statically compiled/linked solutions)
       - Requires statically compiled/linked libc parts which are not available on Android

  24. Other Useful Tools: Busybox, Bash, OpenSSH, strace, Nmap
     - Busybox: works
     - Bash: works
     - OpenSSH: can be executed but is not fully functional (requires users that do not exist in the Android environment)
     - strace: works
     - Nmap: works with minor dependencies

  25. TOC
     - Motivation
     - Android Security
     - Adding Linux Security Tools to Android
     - Enhancing Security with self-built IDS

  26. Enhancing Security with a Self-built Intrusion Detection System

  27. Detecting Intrusions and Malware: Overview

  28. Detecting Intrusions and Malware: Static Function Call Approach
     - Planned to present a metric for weighing the suspiciousness of function/system calls
     - The solution is far easier on Android
       - A simple decision tree can achieve a 95% detection rate
     - Tested with Linux malware
       - Some of it was recompiled for Android, but with only minor differences
     - Still has to be tested on a real device!

  29. Detecting Intrusions and Malware: Static Function Decision Tree

     __bss_start = y
     |   gethostbyname = y
     |   |   sigaction = y: normal
     |   |   sigaction = n: malicious
     |   gethostbyname = n
     |   |   fork = y
     |   |   |   strerror = y
     |   |   |   |   getgrgid = y: malicious
     |   |   |   |   getgrgid = n: normal
     |   |   |   strerror = n: malicious
     |   |   fork = n: normal
     __bss_start = n
     |   printf = y: malicious
     |   printf = n
     |   |   fprintf = y: malicious
     |   |   fprintf = n
     |   |   |   execv = y: malicious
     |   |   |   execv = n
     |   |   |   |   memmove = y: malicious
     |   |   |   |   memmove = n
     |   |   |   |   |   perror = y: malicious
     |   |   |   |   |   perror = n: malicious
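The tree on the slide is small enough to run as a classifier directly. The following is an added example, not code from the slides or from the authors' system: it transcribes the slide's tree and walks it over the set of symbol names found in a binary. Its assumptions are that "name = y" means the symbol is present in the binary's symbol table (an imported function such as gethostbyname, or a defined symbol such as __bss_start), and that symbols come from `nm`-style lines such as "         U printf" or "00012345 B __bss_start". The three listings below are constructed, not binaries from the slides' test set; note that the slide's tree labels both perror branches malicious, and that is kept as shown.

```python
"""The slide's static-function-call decision tree as a classifier (added example).

Assumptions: "<symbol> = y" means the symbol appears in the binary's symbol
table; symbols are read from nm-style output (optional address, one-letter
type, name). The sample listings are constructed."""


def node(symbol, yes, no):
    """One decision: follow `yes` if `symbol` is present, else `no`.
    Leaves are the label strings "normal" / "malicious"."""
    return {"symbol": symbol, "y": yes, "n": no}


# Transcription of the tree on the slide (left column: __bss_start = y,
# right column: __bss_start = n).
DECISION_TREE = node(
    "__bss_start",
    node("gethostbyname",
         node("sigaction", "normal", "malicious"),
         node("fork",
              node("strerror",
                   node("getgrgid", "malicious", "normal"),
                   "malicious"),
              "normal")),
    node("printf", "malicious",
         node("fprintf", "malicious",
              node("execv", "malicious",
                   node("memmove", "malicious",
                        node("perror", "malicious", "malicious"))))))


def classify(symbols, tree=DECISION_TREE):
    """Walk the tree for a set of symbol names; return (label, decision path)."""
    path = []
    while isinstance(tree, dict):
        present = tree["symbol"] in symbols
        path.append(f"{tree['symbol']} = {'y' if present else 'n'}")
        tree = tree["y"] if present else tree["n"]
    return tree, path


def symbols_from_nm(text):
    """Collect symbol names from nm output: an optional address column, a
    one-letter type and the name; a "@VERSION" suffix is dropped."""
    names = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and len(parts[-2]) == 1 and parts[-2].isalpha():
            names.add(parts[-1].split("@")[0])
    return names


# Constructed sample listings (not from the slides).
NM_NORMAL = """\
00012345 B __bss_start
         U gethostbyname
         U sigaction
         U printf
"""
NM_NO_BSS_START = """\
         U printf
         U exit
"""
NM_FORK_GETGRGID = """\
00012345 B __bss_start
         U fork
         U strerror
         U getgrgid
"""

if __name__ == "__main__":
    for label, listing in [("normal", NM_NORMAL), ("no __bss_start", NM_NO_BSS_START),
                           ("fork/getgrgid", NM_FORK_GETGRGID)]:
        verdict, path = classify(symbols_from_nm(listing))
        print(f"{label}: {verdict} via {' -> '.join(path)}")
```

Returning the decision path along with the label makes each verdict explainable, which is what you want before acting on a 95%-accuracy classifier: the path shows which single symbol tipped the decision, and the first listing illustrates how quickly the tree reaches a leaf (three tests).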
